Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual page 266

Viewing the ACIs for an Entry
• user
AuthId
•
control OID
1.3.6.1.4.1.42.2.27.9.5.2
•
boolean criticality
if the server does not support this control (
let the search return as normal (
•
AuthId
checked. If the
are returned.
A user, such as Ted Morris, can use this
he has to his personal entry, as shown below. Along with returning the effective
rights information, the
./ldapsearch -p 389 -h localhost -D
"uid=tmorris,ou=people,dc=example,dc=com" -w password -b
"uid=tmorris,ou=people,dc=example,dc=com" -J
"1.3.6.1.4.1.42.2.27.9.5.2:true:dn:
uid=tmorris,ou=people,dc=example,dc=com" "(objectClass=*)"
version: 1
dn: uid=tmorris, ou=People, dc=example,dc=com
givenName: Ted
sn: Morris
ou: Accounting
ou: People
l: Santa Clara
manager: uid=dmiller, ou=People, dc=example,dc=com
roomNumber: 4117
mail: tmorris@example.com
facsimileTelephoneNumber: +1 408 555 5409
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: tmorris
cn: Ted Morris
userPassword: {SSHA}bz0uCmHZM5b357zwrCUCJs1IOHtMD6yqPyhxBA==
entryLevelRights: v
attributeLevelRights: givenName:rsc, sn:rsc, ou:rsc, l:rsc,
manager:rsc, roomNumber:rscwo, mail:rscwo,
facsimileTelephoneNumber:rscwo, objectClass:rsc, uid:rsc,
cn:rsc, userPassword:wo
266 Red Hat Directory Server Administrator's Guide • May 2005
specifies the account being checked, while
entry over the
user
is the OID for the get effective rights control,
specifies whether the search operation should return an error
is the DN of the entry whose rights over the
is left blank (
AuthId
ldapsearch
entry.
.
true
).
false
), than the rights of an anonymous user
dn:
ldapsearch
returns the regular entry information:
checks the rights of the
AuthId
) or if it should be ignored and
account are being
user
option to retrieve the rights